rpz doesn't work for domain proxy.ru and subdomains
Summary
Such an entry in the rpz zone "proxy.ru A 1.1.1.1" does not return the correct result.
Such an entry in the rpz zone "proxi.ru A 1.1.1.1" returns the correct result.
Such an entry in the rpz zone "proxy.org A 1.1.1.1" returns the correct result.
BIND version used
Different versions for different operating systems:
BIND 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 built with '--build=ppc64-redhat-linux-gnu' '--host=ppc64-redhat-linux-gnu' '--target=ppc64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--enable-filter-aaaa' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--enable-rpz-nsip' '--enable-rpz-nsdname' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--disable-atomic' '--enable-fixed-rrset' 'build_alias=ppc64-redhat-linux-gnu' 'host_alias=ppc64-redhat-linux-gnu' 'target_alias=ppc64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mminimal-toc' 'CPPFLAGS= -DDIG_SIGCHASE' using OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013 using libxml2 version: 2.7.6
BIND 9.9.4-RedHat-9.9.4-73.el7_6 (Extended Support Version) id:8f9657aa built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--with-geoip' '--enable-ipv6' '--enable-filter-aaaa' '--enable-rrl' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--enable-exportlib' '--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include' '--includedir=/usr/include/bind9' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--enable-fixed-rrset' '--with-tuning=large' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE' using OpenSSL version: OpenSSL 1.0.2k 26 Jan 2017 using libxml2 version: 2.9.1
BIND 9.10.3-P4-Ubuntu id:ebd72b3 built by make with '--prefix=/usr' '--mandir=/usr/share/man' '--libdir=/usr/lib/x86_64-linux-gnu' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2 -DDIG_SIGCHASE' compiled by GCC 5.4.0 20160609 compiled with OpenSSL version: OpenSSL 1.0.2g 1 Mar 2016 linked to OpenSSL version: OpenSSL 1.0.2g 1 Mar 2016 compiled with libxml2 version: 2.9.3 linked to libxml2 version: 20903
Steps to reproduce
Install the bind9 with default settings.
Add a rpz to the file named.conf
Create the correct file with rpz and add such lines to it:
proxy.org A 1.1.1.1
proxi.ru A 1.1.1.1
proxy.ru A 1.1.1.1
*.proxy.org A 2.2.2.2
*.proxi.ru A 2.2.2.2
*.proxy.ru A 2.2.2.2What is the current bug behavior?
# nslookup proxy.ru 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find proxy.ru: NXDOMAIN
# nslookup qq.proxy.ru 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find qq.proxy.ru: NXDOMAINWhat is the expected correct behavior?
# nslookup proxy.ru 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: proxy.ru
Address: 1.1.1.1
# nslookup qq.proxy.ru 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: qq.proxy.ru
Address: 2.2.2.2Relevant configuration files
Relevant logs and/or screenshots
(Paste any relevant logs - please use code blocks (```) to format console output, logs, and code, as it's very hard to read otherwise.)
Possible fixes
(If you can, link to the line of code that might be responsible for the problem.)